X-Git-Url: https://defaria.com/gitweb/?a=blobdiff_plain;f=bin%2Fcertbot_cleanup.sh;h=400c9a2c8088cd5f7732d2f1e589118390e38458;hb=18385edca6c1b1d92351133ab2696c48a48b3f07;hp=ea9472882f5c8a20605dddaebd8efe7877eb8601;hpb=ff80d5b8099e6a572b0c538c42ddf61b9c2f8714;p=clearscm.git
diff --git a/bin/certbot_cleanup.sh b/bin/certbot_cleanup.sh
index ea94728..400c9a2 100755
--- a/bin/certbot_cleanup.sh
+++ b/bin/certbot_cleanup.sh
@@ -12,37 +12,54 @@ # # See also: https://help.dreamhost.com/hc/en-us/articles/217555707-DNS-API-commands # -# Crontab: 0 0 1 * * certbot renew --manual-auth-hook /path/to/certbot_authentication.sh --manual-cleanup-hook /path/to/certbot_cleanup.sh +# Crontab: 0 0 20 Jan,Apr,Jul,Oct * certbot renew # # Author: Andrew@DeFaria.com # Created: Fri 04 Jun 2021 11:20:16 PDT -# Modified: +# Modified: Mon Oct 24 11:53:38 AM PDT 2022 # Language: Bash # # (c) Copyright 2021, ClearSCM, Inc., all rights reserved # ################################################################################ -# The following are environment variables that certbot passes to us -# -# CERTBOT_DOMAIN: Domain being authenticated. For example, -# _acme-challenge.example.com for a wildcart cert or -# _acme-challenge.subdomain.example.com for a subdomain -# Note: Pass in $1 for testing or use the default of -# CERTBOT_DOMAIN -domain=${1:-CERTBOT_DOMAIN} +certdir="/System/Certificates" + +mkdir -p $certdir -# CERTBOT_VALIDATION: The validation string. Pass in $2 or use the default of -# CERTBOT_VALIDATION -value=${2:-CERTBOT_VALIDATION} +logfile="$certdir/$(basename $0).log" -logfile=/tmp/debug.log +rm -f $logfile function log { - #echo $1 - echo $1 >> $logfile + echo $1 >> $logfile } # log -# Dreamhost key - generate at https://panel.dreamhost.com/?tree=home.api +log "Starting $0" + +# The following are environment variables that certbot passes to us +# +# CERTBOT_DOMAIN: Domain being authenticated. +# CERTBOT_VALIDATION: Validation string for domain +# +# Check that CERTBOT_DOMAIN and CERTBOT_VALIDATION have been passed in properly +if [ -z "$CERTBOT_DOMAIN"]; then + log "CERTBOT_DOMAIN not passed in!" + exit 1 +else + log "CERTBOT_DOMAIN = $CERTBOT_DOMAIN" +fi + +if [ -z "$CERTBOT_VALIDATION"]; then + log "CERTBOT_VALIDATION not passed in!" + exit 1 +else + log "CERTBOT_VALIDATION = $CERTBOT_VALIDATION" +fi + +# My DNS registar is Dreamhost. These variables are specific to their DNS API. 
+# Yours will probably be different. +# +# Dreamhost key - generate at https://panel.dreamhost.com/?tree=home.api key=KHY6UJQXD9MEJZHR # URL where the REST endpoint is @@ -50,15 +67,19 @@ url="https://api.dreamhost.com/?key=$key" # Remove a TXT record. Oddly you must also specify the value. function removeTXT { - log "Removing TXT record $CERTBOT_DOMAIN = $CERTBOT_VALIDATION" - cmd="$url&unique_id=$(uuidgen)&cmd=dns-remove_record&record=$CERTBOT_DOMAIN&type=TXT&value=$CERTBOT_VALIDATION" + log "Removing TXT record $CERTBOT_DOMAIN = $CERTBOT_VALIDATION" + cmd="$url&unique_id=$(uuidgen)&cmd=dns-remove_record&record=_acme-challenge.$CERTBOT_DOMAIN&type=TXT&value=$CERTBOT_VALIDATION" + log "cmd: $cmd" - response=$(wget -O- -q "$cmd") + response=$(wget -O- -q "$cmd") - log "$response" + log "Response = $response" } # removeTXT removeTXT # Removal is instanteous but propagation will take some time. No need to wait -# around though... \ No newline at end of file +# around though... + +# Now deploy new certs +/opt/clearscm/bin/certbot_deploy.sh
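Review bot: The two new guards, `if [ -z "$CERTBOT_DOMAIN"]; then` and `if [ -z "$CERTBOT_VALIDATION"]; then`, are missing the space before `]`, so they reach the right branch only by accident. With the variable set, `[` sees the value with `]` glued on, reports a missing `]` on stderr and returns an error status that falls into `else`; with it empty, the test degenerates to `[ -z ]`, which is true only because the string `-z` is non-empty. Write them as `if [ -z "$CERTBOT_DOMAIN" ]; then` and `if [ -z "$CERTBOT_VALIDATION" ]; then`. The expansions in `mkdir -p $certdir`, `rm -f $logfile`, `$(basename $0)` and `echo $1 >> $logfile` should also be quoted, since `echo $1` word-splits and glob-expands whatever message is being logged.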
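Review bot: The added `log "cmd: $cmd"` in removeTXT writes the full request URL to the log file, and that URL carries the Dreamhost API key in its `key=` parameter, so the credential lands in a second place on disk whose permissions this script never sets. Log the request with the key masked, for example `log "cmd: ${cmd/$key/REDACTED}"`, or drop the line once debugging is finished. The key is also a literal in the script, readable by anyone with access to the repository; loading it from a root-only file or the environment and rotating the committed value would address that. Separately, `/opt/clearscm/bin/certbot_deploy.sh` now runs whatever `$response` contains, so a failed record removal is visible only in the log.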